AU's cyber security convention of little consequence

Information security experts have said that the African Union (AU) Convention on Cyber Security and Personal Data Protection has had little influence in the fight against cybercrime.

The Convention was set up in 2014 to establish a guideline to enhance cyber security and personal data protection.

However, most countries have yet to ratify the Convention.

Nairobi-based telecommunications analyst Tom Makau said, "The African Union adopted the Africa-wide Cybersecurity and data protection convention in 2014 and so far out of the 55 member states, only 8 countries are signatories with one member simply ratifying the convention."

"This is a sign that the continent lacks the will to protect its citizens from cybercrime and data breeches."

Speaking at the Africa Cyber Defense Summit in Nairobi, Dr. Sherif Hashem, the VP for Cybersecurity at the National Telecom Regulatory Authority of Egypt, added: "There is a need to turn it into a real life convention not just a document.It needs a lot of attention, but things will not change overnight."

Hashem said for the Convention to take root, the AU needs to establish a strong secretariat to implement policies for adoption.

According to a report by Deloitte released in 2017, only 17 countries in Africa have enacted local Personal Data Protection laws. Even fewer have legislation in place to deal with cyber security.

Vincent Ngundi, Head of National KE-CIRT ( Computer Incident Response Team) and Cybersecurity Committee at the Communication Authority (CA), said initiatives on the continent should be backed by research and development, although this would require additional funds.

"We have our own unique challenges are Africans, even though cybersecurity is a global trend," Ngundi said. "African problems are best addressed by Africans themselves."

Ngundi confirmed that Kenya's draft bill on Data Protection is currently undergoing stakeholder engagement before being tabled for parliament.